Vulnerabilities > Hcltech
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-08-30 | CVE-2022-27563 | Improper Check for Unusual or Exceptional Conditions vulnerability in Hcltech Versionvault Express 2.0.1/2.1.0 An unauthenticated user can overload a part of HCL VersionVault Express and cause a denial of service. | 7.5 |
2022-08-29 | CVE-2022-27546 | Cross-site Scripting vulnerability in Hcltech Domino and HCL Inotes HCL iNotes is susceptible to a Reflected Cross-site Scripting (XSS) vulnerability caused by improper validation of user-supplied input supplied with a form POST request. | 6.1 |
2022-08-29 | CVE-2022-27547 | Open Redirect vulnerability in Hcltech Domino and HCL Inotes HCL iNotes is susceptible to a link to non-existent domain vulnerability. | 7.4 |
2022-08-29 | CVE-2022-27558 | Weak Password Requirements vulnerability in Hcltech Domino and HCL Inotes HCL iNotes is susceptible to a Broken Password Strength Checks vulnerability. | 7.5 |
2022-07-19 | CVE-2022-27544 | Insufficiently Protected Credentials vulnerability in Hcltech Bigfix Platform BigFix Web Reports authorized users may see SMTP credentials in clear text. | 6.5 |
2022-07-19 | CVE-2022-27545 | Cross-site Scripting vulnerability in Hcltech Bigfix Platform BigFix Web Reports authorized users may perform HTML injection for the email administrative configuration page. | 5.4 |
2022-06-09 | CVE-2021-27786 | Incorrect Comparison vulnerability in Hcltech Onetest Server 10.0/10.1/10.2 Cross-origin resource sharing (CORS) enables browsers to perform cross domain requests in a controlled manner. | 9.8 |
2022-06-01 | CVE-2021-27778 | Cross-site Scripting vulnerability in Hcltech Traveler 10.0.0.0/12.0.1.0 HCL Traveler is vulnerable to a cross-site scripting (XSS) caused by improper validation of the Name parameter for Approved Applications in the Traveler administration web pages. | 4.8 |
2022-05-27 | CVE-2021-27780 | Unspecified vulnerability in Hcltech Bigfix Mobile and Modern Client Management The software may be vulnerable to both Un-Auth XML interaction and unauthenticated device enrollment. | 5.3 |
2022-05-27 | CVE-2021-27781 | Cross-site Scripting vulnerability in Hcltech Bigfix Mobile and Modern Client Management The Master operator may be able to embed script tag in HTML with alert pop-up display cookie. | 4.8 |